After upgrading githubEnterprise from 2.19.4 to 3.0.25 one issue appeared.
When I try to create git webhooks with POST request from my local instance or from my CI machine I receive response from git:
{"message":"Validation Failed","errors":[{"resource":"Hook","code":"custom","message":"Sorry, the URL host localhost is not supported because it isn't reachable over the public Internet"}],"documentation_url":"https://docs.github.com/enterprise/3.0/rest/reference/repos#create-a-repository-webhook"}
I know the root cause - creating webhook with localhost callback, but I would like to keep it as it worked before.
I've tried to find some setting/property to set in the config to force github instance to accept that url but I haven't found anything.
Do you know how to tell github to accept this callback urls or any workaround?I don't want to change my tests and CI. I want to configure github that way.
P.S. I've found POST with explanation this behaviour but there is no solution.
I'm trying to connect the SPGo plugin in Visual Studio Code to a Sharepoint Online site. There are lots of guides for this, for instance this one: https://medium.com/niftit-sharepoint-blog/saying-goodbye-to-sharepoint-designer-ac939a0b79ba
In short, I'm doing it like this:
Open VS Code
Open a local, empty folder)
SPGO: Configure workspace (follow guide, ending up with spgo.json
looking like the one I pasted)
SPGO: Populate local workspace (asking me for credentials and I plot
it in O365 style (email and password).
Statusbar says "Populating workspace"
After about 10 seconds I get the pasted error in the output window (spgo)
I'm using newest versions:
Visual Studio Code 1.37.1
SPGo 1.4.3
I have tried various sites in my tenant and I know they are up. I am Site Collection Administrator for the sites. I know the credentials are correct, of course. the remoteFolders and publishingScope doesn't affect anything, when changed. I assume authenticationType should be "Digest".
SPGo.json:
{
"sourceDirectory": "src",
"sharePointSiteUrl": "https://domain.sharepoint.com/sites/SiteName",
"publishingScope": "Major",
"authenticationType": "Digest",
"remoteFolders": [
"/SitePages/"
]
}
I don't get any files in the local folder, instead I get an error in the output:
================================ ERROR ================================
<s:Fault>
<s:Code>
<s:Value>s:Receiver</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/dispatcher">a:InternalServiceFault</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="en-US">The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.</s:Text>
</s:Reason>
</s:Fault>
Error Detail:
----------------------
{}
===============================================================================
Sorry I missed this post for so long. First- thanks for the detailed write-up. This is the first time I've seen this specific issue with SPGo, so I do not know for sure what is the root cause.
Couple questions:
Are you using ADFS Authentication with your Office 365/SharePoint Online instance?
Are you able to use Addin-Only Authentication on this SP Site?
SPGo should be able to automatically work with ADFS in SharePoint Online but, as a fall-back, you could use Addin-Only Authentication. In this scenario you would create a ClientId and ClientSecret pair for the SharePoint Site Collection you are accessing and authenticate using those credentials. The ClientId would act as your UserName, and the ClientSecret would be your password.
Under the covers, I am using the node-sp-auth package for user authentication. Sergei (s-KaiNet on Github) has a great write-up on how to enable Addin-Only Authentication in SharePoint Online on his site, which you can find here.
Thanks for using SPGo!
I created a project under actions console and made a test action package for smart home app. I want to try uploading the action package I have using gactions. However, every time I execute this command
./gactions --verbose update --action_package action.json --project my_project_id
the result is always like this:
Unable to update: Patch https://actions.googleapis.com/v2/agents/my_project_id?updateMask=agent.draftActionPackage.actions%2Cagent.draftActionPackage.conversations&validateOnly=false: Post https://accounts.google.com/o/oauth2/token: dial tcp 216.58.200.45:443: i/o timeout
I checked the verbose log and I noticed that it is reading some data from creds.data
Reading credentials from: creds.data
Then I noticed the contents in creds.data contains the access token and the expiry time. But the expiry time is july 18, which is a lot of days from now. I am not sure if this is the case that causes timeout error. And I also don't know how to update the creds.data to get a new access token.
Alright. I noticed that a part of this error is my net problem. But I was able to open yahoo and other sites, while the update just didn't work. But nevermind, I just switched to a different Wi-Fi.
Then I deleted the creds.data. And executed the update command again, this will come out.
Gactions needs access to your Google account. Please copy & paste the URL below into a web browser and follow the instructions there. Then copy and paste the authorization code from the browser back here.
Visit this URL:
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=237807841406-o6vu1tjkq8oqjub8jilj6vuc396e2d0c.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Factions.builder&state=state
Enter authorization code:
Then I followed the instructions above, got the authorization code, copied and pasted it in the console, and everything works fine now.
I'm using the github oauth plugin for our logins but for all of our users in the Organisation I get an error:
Access Denied
<user> is missing the Overall/Read permission
I have tried everything I can possibly think of to try to make this work and I'm probably going to fallback to making everyone an admin user, which i would prefer not to do.
Any advise would be appreciated.
This is how I resolved the authentication problem:
Edit config.xml file, e.g.
sudo vi /var/lib/jenkins/config.xml
Change useSecurity element's value to false, e.g.
<useSecurity>false</useSecurity>
Remove authorizationStrategy block
Restart Jenkins: /etc/init.d/jenkins restart.
Access Jenkins through URL as usual and reconfigure security again.
I had the same problem with "... is missing the Overall/Read permission" on Jenkins (1.651.2) with activated Credentials Plugin.
But it was my own failure: I only configured the user on project side (by credential plugin) but missed to configure the global security.
So I fixed it by selecting:
Jenkins -> Manage Jenkins -> Configure Global Security
And did setup missing global settings (or project matrix based one)
Have you followed this step, from the plugin page?
Control user authorization (i.e. who is allowed to see the jobs and build them) using the Github Commiter Authorization Strategy
Also, make sure you actually allow authenticated users to access Jenkins
Under Jenkins global configuration, under Authorization, add user/group called authenticated
Give that group Overall Read permission
The group should show up with a "group" icon (two users), as opposed to single user icon.
reset from <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> in config.xml and set the permission again.
Edit file /var/lib/jenkins/config.xml and add the following lines :
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Read:john.smith</permission>
</authorizationStrategy>
Restart Jenkins
What I did when I got this error is to edit config.xml as mentionned by other users and correctly re-add my username in LOWERCASE in "configureSecurity" Jenkins' page. I was using "KrustyHack" when adding permissions but it didn't work. I had to add "krustyhack" instead, and it worked.
I hope it helps.
I had the same problem here, but it affected only some users, not all of them. Anyway, you should check public organization membership : documentation of the plugin states that "You have to be a public member of the organization for the authorization to work correctly." (https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin).
Follow instructions from GitHub (https://help.github.com/articles/publicizing-or-hiding-organization-membership/) in order to make organization membership public, and this might fix your issue.
Also check the case user names in the authorizationStrategy element. I made my new user's name lower case and restarted the service and it the error went away.
Fix it by these 2 shell commands on the server (sudo permission is required):
sudo ex +g/useSecurity/d +g/authorizationStrategy/d -scwq /var/lib/jenkins/config.xml
sudo /etc/init.d/jenkins restart
This will remove useSecurity and authorizationStrategy lines from your config file.
See also: Disable security at Jenkins website
We hit this same error when a github organization administrator changed the organization's settings for "Third-party access" to "restrict third-party application access". Reverting to the previous settings within the github organization resolved the problem.
See github oauth-app-access-restrictions for details on how to configure that properly.
The assignment of roles to users is stored in config.xml file. Add the ID of the user directly to the role and then restart Jenkins.
In my case, I have a role named editor and a bunch of users assigned to the role.
<role name="editor" pattern=".*">
<permissions>
<...>
<permission>hudson.model.Item.Create</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>...</permission>
</permissions>
<assignedSIDs>
<sid>bob</sid>
<sid>alice</sid>
<sid>**newuser**</sid>
</assignedSIDs>
</role>
The matrix security is not terribly clear. I am a member of a specific group in our org that has admin privileges however I am also an authenticated user. I would think that the one group super-cedes the other however I have to have both in order to actually log into the system and be admin. It's screwed up IMO.
go to your-jenkins-host:port/role-strategy/assign-roles and configure roles for the user
I had the same problem before,
your OAuth application need your organization owner's approve,
then the OAuth Plugin can access the private data in it
I am using Crowd 2 plugin and I have the same problem.
I fixed it by downgrading OWASP Markup Formatter Plugin from varsion 1.2 to version 1.1 and then changing Markup Formatter in Configure Global Security value to Raw HTML, before it was Plain text.
I had exactly the same problem and adding the plugin Role Strategy Plugin fixed the problem.
All I had to do was install the plugin, create two groups - admin / developer and then add users to the groups.
A much much better solution than recreating the whole permissions matrix :)
I had a similar problem I was not able access Jenkin account and the system was locked.
I had only an error message. "Access Denied "
When I tried to reinstall Jenkins then it prompted to Repair option.
By clicking Repair option it fixed the problem.
Go to $JENKINS_HOME (linux, jenkins in windows), and find config.xml file.
Open this file in the editor. (take backup of .jenkins home)
Look for the <useSecurity>true</useSecurity> element in this file.
Replace "true" with "false"
Remove the elements authorizationStrategy and securityRealm
Start Jenkins
I found it in
C:\ProgramData\Jenkins\.jenkins
Jenkins Version: 2.319.2
Instead of removing all security (the top answer), Add admin access as root, to the user you want to give admin to. We had the same issue where all admins were no longer with the company. This is how I resolved the authentication problem: I logged into:
jenkins#<jenkins server>:/var/lib/jenkins/
Edit config.xml file, and add a config for
<permission>hudson.model.Hudson.Administer:<username></permission>
Then restart Jenkins:
root#<jenkins server>:/$ /etc/init.d/jenkins restart
Just use Jenkins > Configure Global Security bottom page matrix to provide permissions to the user (start w/ read)
I edited the /var/lib/jenkins/config.xml file and replaced the
<authorizationStrategy>...</authorizationStrategy>
with
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
It is the default settings after installation. Then restart the jenkins service.
I'm having a hard time pushing my commits to a remote repository with libgit2sharp. Using the git bash it works fine.
The remote is addressed via UNC like "//computer_name/remote.git". So it's a folder on a machine in the local network which has an accessible folder.
Cloning it to a local repo with libgit2sharp worked just fine and constructing a remote was successful too with
Remote remote = localrepo.Network.Remotes["origin"];
Now when I try pushing to the remote with:
localrepo.Network.Push(remote, "HEAD", "origin");
I get the exception in git_push_add_refspec() in Proxy.cs
An error was raised by libgit2. Category = Invalid (Error).
Not a valid reference 'origin'
So then I tried:
repo.Network.Push(remote, "HEAD", #"refs/remotes/origin/master");
and got the exception in git_push_finish() in Proxy.cs
An error was raised by libgit2. Category = Net (Error).
Remote transport doesn't support push.
Is there a right way to do this or is there a support problem for my usecase?
Thanks in advance!
[UPDATE]
Now my command looks like this
repo.Network.Push(remote, "HEAD", #"refs/remote/origin/master", pushStErrHnd, null);
The PushStatusErrorHandler has only one line of code in which it should write the PushErrorStatus to console. But console remains blank and then the above exception occurs.
[UPDATE 2]
The static variable Repository.Version was 0.9.5 when I experienced the above.
As nulltoken has already mentioned, local push has just recently been added. You will need to make sure that you have a recent LibGit2Sharp build (you will need LibGit2Sharp containing commit 547a6bd, committed on March 12)
Also, there is a slight mistake in the API usage. The destination reference should be the reference to update on the remote (e.g. #"refs/remote/origin/master" should probably be #"refs/heads/master").
Push to a local repository has been recently added to libgit2 (see PR #1406) and eventually embedded in LibGit2Sharp. However, this feature hasn't been properly tested yet.
In order to try and help you, could you please update your questions with the answers to the few questions below:
Push accept an additional parameter to give more information about issues: onPushStatusError. Could you please provide the output of each potential PushStatusErrors?
You state "Cloning it to a local repo worked". How did you perform the clone? Through git? Through LibGit2Sharp?
What happens if you change the url of the remote to a file URI format (eg. file://computer_name/remote.git)?
UPDATE
The amazing #yorah is working on a Pull Request to enhance the test coverage regarding your scenario.
Cloning from a local repository
Adding a new Commit
Pushing the newly created commit
Retrieving the list of the remote references